How to forward to a port / address (Redirect) with firewalld?


This page shows you how to forward your traffic based on a port with the forward-port rule.

How to forward the port 443 to the port 8443

As a zone option

In a zone option, you can add directly port forwarding directly without using a rich rule.

firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443

Other commands are available to manage the forward-port option:

  • List IPv4 forward ports
firewall-cmd --list-forward-ports 
  • Add the IPv4 forward port
firewall-cmd --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
  • Remove the IPv4 forward port
firewall-cmd   --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
  • Return whether the IPv4 forward port has been added
firewall-cmd   --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]

With a rich rule

Add the forward-port rich rule

rule forward-port family=ipv4 port=443 protocol=tcp to-port=8443


firewall-cmd --permanent \
  --add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'

The forward-port rule may also forward a packet to another address. The whole rule format is:

<forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="address"]/> |

Discover More
Firewalld - Howto's

A list of howto based on firewalld from country to subnet filtering as well as disabling it in rescue mode
Firewalld - Policy

A policy applies a set of rules to traffic flowing between zones. The policy affects traffic in a stateful unidirectional manner, e.g. from: an ingress zone: zoneA to an egress zone: zoneB. ...
Firewalld - Zone

A zone is a grouping of rule configurations known as zone option. A firewall zone is defined for: a connection, an interface or source address binding (range of source addresses) This is a one-to-many...
What are Rich Rules or Rules in Firewalld?

Rich rule is a line of text that: begins with rule defines a list of options and terminates by an action: accept reject drop mark If a packet matches the options of the rich rule, the...

Share this page:
Follow us:
Task Runner